search

sherlock-audit / 2023-10-real-wagmi-judging

16 stars 14 forks source link

jah - the function takeoverDebt doesn't properly update #185

Closed sherlock-admin closed 11 months ago

sherlock-admin commented 11 months ago

jah

high

the function takeoverDebt doesn't properly update

Summary

the function takeoverdebt doesn't not properly update the liquidator balance ## Vulnerability Detail the function takeoverdebt is used to liquidate another borrower and transfer the position into the liquidator and when transferring the loan[] using _addKeysAndLoansInfo(newBorrowing.borrowedAmount > 0, borrowingKey, oldLoans); it is using the liquidated borrowingkey instead of the new one so the loan will will be updated into the previous one so when repaying using the repay function it might not use all the position

Impact

loss of fund

Code Snippet

Tool used

Manual Review

Recommendation

use newBorrowingKey

Duplicate of #53

sherlock-admin2 commented 11 months ago

2 comment(s) were left on this issue during the judging contest.

0xpep7 commented:

dup and same author as 187

JP_Courses commented:

has 2 other duplicate findings for this one: 001/187.md and 001/188.md